Releases: umbraco/Umbraco-CMS
Releases · umbraco/Umbraco-CMS
15.2.3
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-15.2.2...release-15.2.3
14.3.3
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-14.3.2...release-14.3.3
13.7.1
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-13.7.0...release-13.7.1
10.8.9
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-10.8.8...release-10.8.9
15.3.0-rc2
What's Changed Since 15.3.0-rc
🔒 Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
🐛 Bug Fixes
- v15: Remove duplicate webhook registration by @Zeegaan in #18594
- Fixed issue with slider max validation using default 0 value by @AndyButland in #18616
Full Changelog: release-15.3.0-rc...release-15.3.0-rc2
What's Changed Since The Previous Release (15.2.3)
📦 Dependencies
- Bump @umbraco-cms/backoffice from 15.0.0 to 15.1.2 in /src/Umbraco.Web.UI.Login by @dependabot in #18064
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Login by @dependabot in #18066
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Client by @dependabot in #18193
- V15: Bump minimum required Node.js to V22 by @iOvergaard in #18274
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Client by @dependabot in #18360
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Login by @dependabot in #18362
- V15: update npm dependencies for login screen by @iOvergaard in #18373
- V15: Update Backoffice NPM dependencies by @iOvergaard in #18376
🚀 New Features
- Feature: Code Editor modal, adds pretty-print support by @leekelleher in #18123
- Feature: Tiptap: Generic markup support by @leekelleher in #18124
- Bugfix: Content Picker Search - support allowed content types config by @madsrasmussen in #18042
- V15: Show upload progress for dropped files in the Media Library by @iOvergaard in #18148
- V15: Client should validate maxFileSize and allowed/disallowed file types from server configuration by @iOvergaard in #18163
- Feature: workspace info app extension by @madsrasmussen in #18014
- Tiptap RTE: Add CSS support for extensions by @leekelleher in #18075
- V15/feature/notification-whitespace by @iOvergaard in #18190
- V15: Show server configuration when configuring the Upload Field by @iOvergaard in #18185
- Feature: Media Type Create Options by @madsrasmussen in #18196
- V15: Add progress UI to the Upload Field property editor by @iOvergaard in #18188
- Help Header App, popover placement + code tidy-up by @leekelleher in #18329
- Content dashboard, info box drop-shadow by @leekelleher in #18327
- V15: Show duration on time displays by @iOvergaard in #18341
- V15: Add a button to clear schedule by @iOvergaard in #18339
- V15: Save the variant before scheduling by @iOvergaard in #18344
- Tiptap RTE: Cascading Style Select Menu by @leekelleher in #18364
- Feature: Display current variant item name by @madsrasmussen in #18311
- Tiptap RTE: Table extension enhancements by @leekelleher in #18365
- Feature: Data mapping extension + aligning reference lists by @madsrasmussen in #18318
- Feature: Delete/Trash referenced by by @madsrasmussen in #18351
- Feature: Bulk Delete/Trash referenced by by @madsrasmussen in #18393
- Tiptap RTE: Font Family / Font Size toolbar items by @leekelleher in #18443
- V15: Adds validation on date from/to inputs in the schedule modal by @iOvergaard in #18437
- V15: Serverside Media Picker Validation by @nikolajlauridsen in #18429
- Feature: Property Value Preset by @nielslyngsoe in #18423
- Server side validation for property editors (integer, decimal and slider) by @AndyButland in #18428
- Tiptap RTE: configuration localizations by @leekelleher in #18125
- Tiptap RTE: Trailing Node extension by @leekelleher in #18446
- Tiptap RTE: Text Direction extension by @leekelleher in #18459
- Split force for publish descendants into separate options for publish unpublish and re-publish unedited by @AndyButland in #18270
- Warn when content is unroutable by @Zeegaan in #17837
🐛 Bug Fixes
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Health Check items "back to overview" link omits backoffice url segment by @matthewcare in #17828
- Add NoopCurrentMemberClaimsProvider so Umbraco can boot without the Delivery API enabled by @kjac in #18049
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Fix settings value begin indifference (17989) by @nielslyngsoe in #18022
- Feature: make areas optional by @nielslyngsoe in #18057
- Numeric property editor range and misconfiguration validation by @AndyButland in #17991
- 15: Convert pagesize properly to skip and take by @Zeegaan in #18069
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Fix: 17764 by @nielslyngsoe in #18093
- Add clientside validation to webhook events by @kjac in #18089
- Allowed retrieval of current user configuration when accessing user profile as a non-admin user by @AndyButland in #18099
- V15/bugfix/Reset image crop button fix by @jonat123 in #18106
- V15: Add authorization to saves by @nikolajlauridsen in #18111
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Fix: stop using redirects in collections by @nielslyngsoe in #18112
- Bugfix: Remove sidebar bottom space by @nielslyngsoe in #18087
- Avoid wasting a whole thread watching for a filesystem change 😬 by @JasonElkin in #18119
- Updated the dialog label for User -> Assign Access -> Media Start nodes by @jonat123 in #18043
- updated the link picker modal and the property editors using it. by @jonat123 in #18059
- Bugfix: Align collection item entity actions with menu item entity actions by @madsrasmussen in #18118
- Refreshed display of check results after all checks are complete by @AndyButland in #18131
- Feature: Clean up validation messages by @nielslyngsoe in #18092
- V15: Media library crashes when uploading large files by @iOvergaard in #18113
- Added a check that we have a route before attempting to include it in the other URLs for a published document by @AndyButland in #18135
- Fix: Mandatory for Image Cropper (17372) by @nielslyngsoe in #18108
- Fix: media picker mandatory validation by @nielslyngsoe in #18109
- V13: remove unused parameters and documentation by @iOvergaard in #18095
- Fixes rollback of variant page name by @AndyButland in #18136
- Set document to readonly when a user is not allowe...
Contributors
leekelleher, mattbrailsford, and 27 other contributors
Assets 2
15.3.0-rc
What's Changed
📦 Dependencies
- Bump @umbraco-cms/backoffice from 15.0.0 to 15.1.2 in /src/Umbraco.Web.UI.Login by @dependabot in #18064
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Login by @dependabot in #18066
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Client by @dependabot in #18193
- V15: Bump minimum required Node.js to V22 by @iOvergaard in #18274
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Client by @dependabot in #18360
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Login by @dependabot in #18362
- V15: update npm dependencies for login screen by @iOvergaard in #18373
- V15: Update Backoffice NPM dependencies by @iOvergaard in #18376
🚀 New Features
- Feature: Code Editor modal, adds pretty-print support by @leekelleher in #18123
- Feature: Tiptap: Generic markup support by @leekelleher in #18124
- Bugfix: Content Picker Search - support allowed content types config by @madsrasmussen in #18042
- V15: Show upload progress for dropped files in the Media Library by @iOvergaard in #18148
- V15: Client should validate maxFileSize and allowed/disallowed file types from server configuration by @iOvergaard in #18163
- Feature: workspace info app extension by @madsrasmussen in #18014
- Tiptap RTE: Add CSS support for extensions by @leekelleher in #18075
- V15/feature/notification-whitespace by @iOvergaard in #18190
- V15: Show server configuration when configuring the Upload Field by @iOvergaard in #18185
- Feature: Media Type Create Options by @madsrasmussen in #18196
- V15: Add progress UI to the Upload Field property editor by @iOvergaard in #18188
- Help Header App, popover placement + code tidy-up by @leekelleher in #18329
- Content dashboard, info box drop-shadow by @leekelleher in #18327
- V15: Show duration on time displays by @iOvergaard in #18341
- V15: Add a button to clear schedule by @iOvergaard in #18339
- V15: Save the variant before scheduling by @iOvergaard in #18344
- Tiptap RTE: Cascading Style Select Menu by @leekelleher in #18364
- Feature: Display current variant item name by @madsrasmussen in #18311
- Tiptap RTE: Table extension enhancements by @leekelleher in #18365
- Feature: Data mapping extension + aligning reference lists by @madsrasmussen in #18318
- Feature: Delete/Trash referenced by by @madsrasmussen in #18351
- Feature: Bulk Delete/Trash referenced by by @madsrasmussen in #18393
- Tiptap RTE: Font Family / Font Size toolbar items by @leekelleher in #18443
- V15: Adds validation on date from/to inputs in the schedule modal by @iOvergaard in #18437
- V15: Serverside Media Picker Validation by @nikolajlauridsen in #18429
- Feature: Property Value Preset by @nielslyngsoe in #18423
- Server side validation for property editors (integer, decimal and slider) by @AndyButland in #18428
- Tiptap RTE: configuration localizations by @leekelleher in #18125
- Tiptap RTE: Trailing Node extension by @leekelleher in #18446
- Tiptap RTE: Text Direction extension by @leekelleher in #18459
- Split force for publish descendants into separate options for publish unpublish and re-publish unedited by @AndyButland in #18270
- Warn when content is unroutable by @Zeegaan in #17837
🐛 Bug Fixes
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Health Check items "back to overview" link omits backoffice url segment by @matthewcare in #17828
- Add NoopCurrentMemberClaimsProvider so Umbraco can boot without the Delivery API enabled by @kjac in #18049
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Fix settings value begin indifference (17989) by @nielslyngsoe in #18022
- Feature: make areas optional by @nielslyngsoe in #18057
- Numeric property editor range and misconfiguration validation by @AndyButland in #17991
- 15: Convert pagesize properly to skip and take by @Zeegaan in #18069
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Fix: 17764 by @nielslyngsoe in #18093
- Add clientside validation to webhook events by @kjac in #18089
- Allowed retrieval of current user configuration when accessing user profile as a non-admin user by @AndyButland in #18099
- V15/bugfix/Reset image crop button fix by @jonat123 in #18106
- V15: Add authorization to saves by @nikolajlauridsen in #18111
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Fix: stop using redirects in collections by @nielslyngsoe in #18112
- Bugfix: Remove sidebar bottom space by @nielslyngsoe in #18087
- Avoid wasting a whole thread watching for a filesystem change 😬 by @JasonElkin in #18119
- Updated the dialog label for User -> Assign Access -> Media Start nodes by @jonat123 in #18043
- updated the link picker modal and the property editors using it. by @jonat123 in #18059
- Bugfix: Align collection item entity actions with menu item entity actions by @madsrasmussen in #18118
- Refreshed display of check results after all checks are complete by @AndyButland in #18131
- Feature: Clean up validation messages by @nielslyngsoe in #18092
- V15: Media library crashes when uploading large files by @iOvergaard in #18113
- Added a check that we have a route before attempting to include it in the other URLs for a published document by @AndyButland in #18135
- Fix: Mandatory for Image Cropper (17372) by @nielslyngsoe in #18108
- Fix: media picker mandatory validation by @nielslyngsoe in #18109
- V13: remove unused parameters and documentation by @iOvergaard in #18095
- Fixes rollback of variant page name by @AndyButland in #18136
- Set document to readonly when a user is not allowed to create / update by @madsrasmussen in #18076
- Pass user Id to audit when saving and deleting members by @AndyButland in #18120
- Added Resharper test assemblies to exclude list on TypeFinder by @AndyButland in #18145
- Do not allow editing read-only properties by clicking their labels by @kjac in #18152
- Fix task return and apply correct disposal pattern for FileSystemMainDomLock by @JasonElkin in #18147
- Provides an option to remove the inessential version number from the generated models by @AndyButland in #18081
- V15: Fix Url Preview by @nikolajlauridsen in #18072
- Exc...
Contributors
leekelleher, mattbrailsford, and 27 other contributors
Assets 2
13.7.0
What's Changed Since 13.7.0-rc
There have been no further updates since the 13.7.0-rc release.
Full Changelog: release-13.7.0-rc...release-13.7.0
What's Changed Since The Previous Release (13.6.0)
- Lucene Package Update to Address CVE-2024-43383 by @amsclark in #17942
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Add clientside validation to webhook events by @kjac in #18089
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Added Resharper test assemblies to exclude list on TypeFinder by @AndyButland in #18145
- Do not allow editing read-only properties by clicking their labels by @kjac in #18152
- Provides an option to remove the inessential version number from the generated models by @AndyButland in #18081
- Excluded tags from trashed content by @AndyButland in #18164
- More robust resolving of Delivery API redirects by @kjac in #18160
- Fix out of memory file upload of 2gb+ files introduced by #14657 SVG xss by @TimBoonstra in #17421
- Update auth.element.ts by @garpunkal in #18192
- Enforce user start nodes for media uploads through the RTE by @kjac in #18204
- Show notifications menu only to users with permission for the feature by @AndyButland in #18184
- V13: Fix members while using basic auth. by @nikolajlauridsen in #18206
- Set Smidge cachebuster type by @SimonHartfield in #18198
- Cache null dictionary values by key by @callumbwhyte in #15576
- Review: Allow Duplicate Email for Members by @jasont0101 in #16202
- Fix issues in newly added buttongroup localization by @Migaroez in #18254
- Fix 11643 by @nielslyngsoe in #18257
- Add validation to prevent update of a user or member to an invalid username (13) by @AndyButland in #18261
- Avoid an exception on sign out when the principal is populated from an incomplete external login by @AndyButland in #18078
- Prevents folder selection in media picker when used from the multi URL picker by @AndyButland in #18288
- URL encodes member user names when passing information for public access setting such that those with user names as emails containing a plus will be included in the rule by @AndyButland in #18142
- Fixed userResource request to get all users by @AndyButland in #18105
- Backport use of thread delay over sleep and handle dispose in FileSystemMainDomLock by @AndyButland in #18151
Full Changelog: release-13.6.0...release-13.7.0
New Contributors
- @amsclark made their first contribution in #17942
- @mvennevold made their first contribution in #17637
- @TimBoonstra made their first contribution in #17421
- @SimonHartfield made their first contribution in #18198
- @jasont0101 made their first contribution in #16202
Contributors
amsclark, AndyButland, and 11 other contributors
Assets 2
15.2.2
13.7.0-rc
What's Changed
- Lucene Package Update to Address CVE-2024-43383 by @amsclark in #17942
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Add clientside validation to webhook events by @kjac in #18089
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Added Resharper test assemblies to exclude list on TypeFinder by @AndyButland in #18145
- Do not allow editing read-only properties by clicking their labels by @kjac in #18152
- Provides an option to remove the inessential version number from the generated models by @AndyButland in #18081
- Excluded tags from trashed content by @AndyButland in #18164
- More robust resolving of Delivery API redirects by @kjac in #18160
- Fix out of memory file upload of 2gb+ files introduced by #14657 SVG xss by @TimBoonstra in #17421
- Update auth.element.ts by @garpunkal in #18192
- Enforce user start nodes for media uploads through the RTE by @kjac in #18204
- Show notifications menu only to users with permission for the feature by @AndyButland in #18184
- V13: Fix members while using basic auth. by @nikolajlauridsen in #18206
- Set Smidge cachebuster type by @SimonHartfield in #18198
- Cache null dictionary values by key by @callumbwhyte in #15576
- Review: Allow Duplicate Email for Members by @jasont0101 in #16202
- Fix issues in newly added buttongroup localization by @Migaroez in #18254
- Fix 11643 by @nielslyngsoe in #18257
- Add validation to prevent update of a user or member to an invalid username (13) by @AndyButland in #18261
- Avoid an exception on sign out when the principal is populated from an incomplete external login by @AndyButland in #18078
- Prevents folder selection in media picker when used from the multi URL picker by @AndyButland in #18288
- URL encodes member user names when passing information for public access setting such that those with user names as emails containing a plus will be included in the rule by @AndyButland in #18142
- Fixed userResource request to get all users by @AndyButland in #18105
- Backport use of thread delay over sleep and handle dispose in FileSystemMainDomLock by @AndyButland in #18151
New Contributors
- @amsclark made their first contribution in #17942
- @mvennevold made their first contribution in #17637
- @TimBoonstra made their first contribution in #17421
- @SimonHartfield made their first contribution in #18198
- @jasont0101 made their first contribution in #16202
Full Changelog: release-13.6.0...release-13.7.0-rc
Contributors
amsclark, AndyButland, and 11 other contributors
Assets 2
15.2.1
Contributors
Migaroez